freedom.press, also the firstlook/intercept...

Lodewijk andré de la porte l at odewijk.nl
Fri Oct 2 07:28:23 PDT 2015


2015-10-02 10:58 GMT+02:00 Georgi Guninski <guninski at guninski.com>:

> On Thu, Oct 01, 2015 at 03:09:40PM -0700, Shelley wrote:
> >
> > Agree with both sentiments, but - who the hell opens documents of
> > dubious origin on a networked machine?  Even on an airgapped
> > machine, I still use a VM...
> >
>
> Agree about VM, it adds another layer of protection.
>
> VMs have bugs too, as history shows.
>
> btw, does rowhammer escape VM? (appears to me yes).


You know, a webpage is supposed to be in a VM too.


With HTML growing so big and so fast it's very hard to know it's secure.
But I see little reason as to why JavaScript is the baddest boy on the
block. iPhones got wrecked by a PNG rendering library. Interpreting a
programming language is not *that* different from interpreting an image.
Even less different from interpreting HTML/CSS. If you would care for a
secure instead of a fast JavaScript interpreter, well, too bad because
nobody's making a secure one. Hah.

Which relates as to why I lost a lot of personal photos; I didn't use the
cloud backup feature. Now nobody has my pictures, except maybe whoever
stole my phone* =(

Using one of those file hosting sites provides a greater level of
convenience. Perhaps so much greater that without that level of convenience
it would hardly be possible at all. The consumers don't care to invest in
security very much, in fact, hardly at all. Especially when all you're
securing against sounds like more paranoia - which is what an
invisible-seems-like-it's-not-even-there organization will always seem like.
(remember, the NSA lacks the field agents to even be anywhere, and I never
see GCHQ agents either)

* full disk crypto is not a thing in androidland ;(


tl;dr: JavaScript could be fine if we'd have secure software - as it is
HTML/CSS/images/videos/etc are all also dangerous. Top level security seems
(and often is) useless - therefore we don't really have it (even when we'd
like it so very much) unless we keep ourselves from essential features.

More information about the cypherpunks mailing list